<?php session_start(); $ref = $_SERVER['HTTP_REFERER'];
connectlogin();
if(isset($_SESSION['username'])) {

	echo '<div class="error_message">Attention! You are already logged in.</div>';
	echo "<h2>What to do now?</h2><br />";
	echo "Go <a href='javascript:history.go(-1)'>back</a> to the page you were viewing before this.</li>";
	
	exit();
}

// Has an error message been passed to login.php?
$error = $_GET['e'];

if($error == 1) {
    $error = '<div class="error_message">Attention! You must be logged in to view this page.</div>';
}

// Only process if the login form has been submitted.

if(isset($_POST['login'])) {

	$username = $_POST['username']; 
	$password = $_POST['password']; 

	if (!isset($username) || !isset($password)) { 
		header( "Location: index.php" ); exit();
	} elseif (empty($username) || empty($password)) { 
		$error = '<div class="error_message">Attention! Please enter your Username and Password.</div>';
	} else { 
	
	// Add slashes to the username and md5() the password 
	$user = mysql_real_escape_string(addslashes($_POST['username'])); 
	$pass = mysql_real_escape_string(cryptPassword($_POST['password'])); 
	
	
	$sql = "SELECT * FROM account_data WHERE name='$user' AND password='$pass'"; 
	$result = mysql_query($sql);
	
	// Check that at least one row was returned 
	$rowCheck = mysql_num_rows($result); 
	
	if($rowCheck > 0) { 
	while($row = mysql_fetch_array($result)) { 
	
	  // Start the session and register a variable 
	
	  session_start(); 
	  $_SESSION['username'] = $user;
	  //session_register('username'); 
	  	  
?>
<script type="text/javascript">
<!--
window.location = "index.php"
//-->
</script>
<?php
	
	  } 
	
	  } else { 
	
	  // If nothing is returned by the query, unsuccessful login code goes here... 
	
	  $error = '<div class="error_message">Attention! Incorrect username or password.</div>'; 
	  } 
	}
}


echo $error; ?>

<form action="" method="post"> 
                <table width="288" border="0" cellspacing="0" cellpadding="0"> 
                  <tr height="145"> 
                    <td width="288" height="145" valign="top" class="login"><br /> 
                      <br /> 
                      <table width="204" height="61" border="0" align="center" cellpadding="0" cellspacing="0"> 
                        <tr> 
                        <td width="31" align="center" valign="top">&nbsp;</td> 
                        <td width="173" align="left" valign="top"><input name="username" type="text" class="form" /></td> 
                        </tr> 
                        <tr> 
                          <td height="28" align="center" valign="top">&nbsp;</td> 
                          <td align="left" valign="top">
                          <input type="hidden" name="login" value="login" />
                          <input name="password" type="password" class="form" /></td> 
                        </tr> 
                      </table> 
                      <table width="200" border="0" align="center" cellpadding="0" cellspacing="0"> 
                        <tr> 
                          <td align="center"><input type="image" name="login" src="images/login-btn.png" width="104" height="28" border="0"/></a></td> 
                        </tr> 
                      </table></td> 
                  </tr> 
              </table></form> 


<p><a href="forgotten.php">Forgotten Password?</a></p>

<p>Not registered yet? It's free, quick &amp; easy to do so <a href="/sign_up.php">here</a></p>
<div id="news">
<ul id="news">
<?=getsnews()?>
</ul>
</div>